1189988209 M * mattzerah tzafrir: ping
1189988307 Q * virtuoso_ Ping timeout: 480 seconds
1189990541 J * friendly12345 ~friendly@ppp121-44-246-24.lns4.mel4.internode.on.net
1189992235 Q * friendly12345 Quit: Leaving.
1189992559 J * friendly12345 ~friendly@ppp121-44-246-24.lns4.mel4.internode.on.net
1189994740 Q * AndrewLee Remote host closed the connection
1189998413 J * hardwire ~bip@rdbck-3819.wasilla.mtaonline.net
1189998558 Q * hardwire 
1189998572 J * hardwire ~bip@rdbck-3819.wasilla.mtaonline.net
1189998706 Q * hardwire 
1189998721 J * hardwire ~bip@rdbck-3819.wasilla.mtaonline.net
1189999625 Q * roym Ping timeout: 480 seconds
1190000886 J * Hollow_ ~hollow@proteus.croup.de
1190000886 Q * Hollow Read error: Connection reset by peer
1190000931 Q * pusling Remote host closed the connection
1190000936 J * kapil ~weechat@users.imsc.res.in
1190000951 N * Hollow_ Hollow
1190000973 J * pusling pusling@88.212.70.38
1190000999 M * kapil is there a way to create a vserver which has no network available even though the host has connectivity?
1190001105 M * kapil i thought this would be "automatic" if there were no interfaces defined in /etc/vservers/vname. but this only prevents network "listen" from working.
1190001267 Q * FireEgl Ping timeout: 480 seconds
1190001283 M * Supaplex kapil: assign it a dummy interface?
1190001356 M * kapil but then it uses that interface to connect to localhost open ports and i have to explicit block that access using iptables.
1190001444 M * kapil in other words my question was wrong :) there *is* a way to do this but that way is rather convoluted. i thought there should be some capability based solution.
1190001540 M * kapil something like having a vserver without a network context or a network context that has no associated interfaces (not even outgoing).
1190001662 M * Supaplex not sure myself. Bertl_zZ is one of the better experts :)  I've wondered that myself before
1190001754 M * kapil Supaplex: the context is to try to create an automated builder that does not have network connections after it has installed dependencies.
1190001824 M * kapil so i suppose until a better solution comes along one can go with dummy interface with iptables blocking.
1190001975 J * AndrewLee ~andrew@flat.iis.sinica.edu.tw
1190002506 M * neuralis kapil: i don't know if/how it's exposed in the userland tools, but if you assign a network context to a guest and don't add an address to that context, the guest can't network at all, which is what you want
1190005139 J * coderanger_ ~coderange@c-65-96-210-168.hsd1.ma.comcast.net
1190007149 J * virtuoso ~s0t0na@pppoe-246.58.110.89-adsl.spbnit.ru
1190008943 N * Bertl_zZ Bertl
1190008951 M * Bertl morning folks!
1190008986 M * Bertl kapil: indeed, not assigning any ip will prevent a network context from binding any ports
1190009078 J * sharkjaw ~gab@158.36.44.106
1190009127 M * kapil Bertl: so if /etc/vservers/name/interfaces/ is empty should prevent any outgoing connections?
1190009202 M * Bertl I assume that depends on the util-vserver version (ask daniel_hozac for details) but if the network context /proc/virtnet/<nid>/* doesn't have any ips assigned, the guest should not be able to bind to anything (with recent kernels that is)
1190009236 M * Bertl note: older kernels handled that as allow everything
1190009343 M * kapil kapil: ok. so i need a newer kernel. i have vciversion 0002:0002 and vcisyscall 273 and util-vserver 0.30.212. 
1190009363 M * kapil which is basically debian etch.
1190009403 M * kapil Bertl: is there some capability removal which would do the same thing with the older kernel.
1190009698 M * Bertl note really, only for the ports below 1024
1190009736 M * Bertl but setting the ip to something which doesn't exist, should have a similar effect
1190009758 M * Bertl i.e. you might be able to bind stuff there, but it will not be shown or routed
1190009781 M * Bertl you can do that with the nodev options in the interface/* config files
1190010133 M * kapil Bertl: great. thanks for the tip. 
1190010635 M * Bertl np, let me know how this goes on the ancient debian kernel :)
1190010883 M * hparker hey Bertl, I've been having all kinds of fun, thanks for the help!
1190010959 J * dna ~dna@8-195-dsl.kielnet.net
1190010981 M * Bertl hparker: you're welcome! what kind of fun?
1190011024 M * hparker I've moved most of my hosting to a vhost, using them to play with, just fun things ;) the real fun will be the MTA ;)
1190011068 M * Bertl so fun fun then? good! :)
1190011085 J * FireEgl FireEgl@Sebastian.Atlantica.US
1190011091 M * kapil Bertl: i defined interface 0 with "nodev" and it seems to have disabled all outgoing connections. if i really want to hide the host ip's then i would also need to hide /proc/net/route
1190011111 M * hparker has killed of a lot of time usually wasted sleeping ;0
1190011113 M * kapil Bertl: this is on debian etch.
1190011370 M * Bertl kapil: just assign an ip which isn't used anywhere
1190011402 M * Bertl ah, no, debian probably has no hiding there in etch
1190011408 M * kapil Bertl: yes. I did that and it worked. the last bit was just a remark.
1190011445 M * kapil Bertl: debian etch may be ancient but your workaround works.
1190011466 M * Bertl excellent!
1190011716 Q * hparker Quit: G'nite
1190012152 Q * coderanger_ Quit: coderanger_
1190012158 M * Supaplex 192.168.255.111 :P
1190012340 Q * kapil Read error: Operation timed out
1190012473 M * tzafrir mattzerah, pong
1190012604 J * jmcaricand ~user@d83-179-255-49.cust.tele2.fr
1190012639 M * Bertl wb tzafrir! jmcaricand!
1190012698 M * tzafrir I've installed later version of vserver utils on Etch
1190012714 M * tzafrir Still using the Etch kernel
1190012755 M * tzafrir was using the 2.6.18-4-686 kernel, until a power failure gave me the possibility to upgrade to 2.6.18-5-686 :-(
1190012895 M * Bertl and everything fine now?
1190013064 J * kapil ~weechat@users.imsc.res.in
1190013563 M * Hollow Bertl: wow, up that early? :)
1190013582 J * ema ~ema@fw.galliera.it
1190013587 M * Bertl Hollow: yeah, shifting my time atm, have some work to do at CET :)
1190013594 M * Hollow too bad :)
1190013616 M * Hollow i should have get up early too for the first railsconf tutorial, but well, 7am is not my time :)
1190013748 J * meandtheshell ~markus@85.127.103.10
1190014001 Q * kapil Read error: Operation timed out
1190015206 J * [ID]-7478 ~ID-318755@218.16.69.225
1190015338 P * [ID]-7478 
1190016116 J * balbir ~balbir@59.145.136.1
1190016818 J * kapil ~weechat@users.imsc.res.in
1190017053 J * ktwilight ~ktwilight@185.84-66-87.adsl-dyn.isp.belgacom.be
1190018598 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr
1190020293 Q * kapil Read error: Operation timed out
1190020378 J * mio ~mio@84.55.97.4
1190020389 M * Bertl welcome mio!
1190020394 M * mio thanks
1190020422 M * mio I have a quick question, is things still being developed for VServer? I haven't seen much changes on the wiki page
1190020446 M * Bertl yes, sure, what do you expect to see there?
1190020485 M * Bertl I see patches for 2.6.22.6 on the main wiki page
1190020504 M * mio I'm happy with it as it is, just the "Latest news" was dated almost a year ago made me worried that the project was about to die
1190020506 M * Bertl (which, IIRC, is the recent stable kernel)
1190020565 M * mio yeah, true. didn't notice that fact.
1190020570 M * Bertl yeah, maybe we should add some things there .. but we are more focused on coding and such ...
1190020598 M * Bertl other projects are more in public relations than we are :)
1190020602 M * mio hehe
1190020615 M * Bertl but feel free to add a few news there :)
1190020640 M * mio :)
1190020677 M * mio anyways, thanks for reassuring me that vserver is the way to go.
1190020716 M * Bertl well, if you want to have lightweight isolation on linux architectures, then yes, definitely :)
1190021051 P * mio 
1190021341 P * friendly12345 
1190021661 M * tzafrir is vserver going into mainline any time soon?
1190021685 M * Bertl I really doubt it, but parts got already integrated
1190022258 J * friendly12345 ~friendly@ppp121-44-246-24.lns4.mel4.internode.on.net
1190022599 J * kapil ~weechat@users.imsc.res.in
1190022944 M * matti say Morning :)
1190022961 M * Bertl wb kapil!
1190022968 M * matti ;p
1190023285 J * Piet ~piet@tor.noreply.org
1190023314 M * Bertl wb Piet!
1190023723 M * Piet cheers
1190023768 J * shani ~admin@202.133.77.38
1190023777 M * Bertl welcome shani!
1190023798 M * shani Hi Bertl
1190023799 M * shani :)
1190023963 Q * shani Read error: Connection reset by peer
1190024020 J * shani ~admin@202.133.77.38
1190024025 M * Bertl wb :)
1190024104 M * shani thanx mate
1190024105 M * shani :)
1190024591 Q * hardwire Ping timeout: 480 seconds
1190025140 M * shani no discussion regarding vserver ?
1190025141 M * shani :D
1190025141 Q * friendly12345 Ping timeout: 480 seconds
1190025157 M * Bertl shani: well, start one ... ask something :)
1190025159 M * daniel_hozac too early for that :)
1190025336 Q * shani Read error: Connection reset by peer
1190025407 J * shani ~admin@202.133.77.38
1190025414 M * shani Got dc
1190025415 M * shani well I m really new to it , first i need to test it :) , then i will start a thread here
1190025572 M * Bertl good! if you need anything, let us know ...
1190025579 M * bzed Bertl: any ideas on http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441143 ?
1190025601 M * shani thanx for your support Bertl
1190025602 M * shani :)
1190025629 M * daniel_hozac bzed: it's a dietlibc bug.
1190025672 M * daniel_hozac bzed: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=435538
1190025673 M * bzed daniel_hozac: I'm not using dietlibc
1190025697 M * Bertl bzed: then you're doing something wrong :)
1190025715 M * bzed no :P
1190025720 M * daniel_hozac yeah, you are.
1190025742 M * bzed it's not only me runnign in this bug, so I guess it's not my fault :P
1190025769 M * daniel_hozac why would you build the utils yourself and not follow the instructions?
1190025805 M * bzed daniel_hozac: never done that
1190025823 M * bzed i'm only using debiacn packages
1190025825 M * daniel_hozac so... then you are using dietlibc.
1190025826 M * bzed *debian
1190025873 M * Bertl daniel_hozac: is the issue fixed in 0.31 (dietlibc)?
1190025890 M * bzed daniel_hozac: there's no dietlibc package on sparc
1190025914 M * daniel_hozac Bertl: no.
1190025990 M * bzed daniel_hozac: or is that a static linking magic?
1190026009 M * daniel_hozac dietlibc links everything statically.
1190026135 M * bzed daniel_hozac: aah ok, thanks for the info. then the util-vserver package on backports needs to be rebuild with a new dietlibc
1190026152 M * Bertl well, with a fixed one, I guess
1190026169 Q * ema Quit: leaving
1190026190 M * bzed Bertl: I was thinking 'new' as in a new debian revision
1190026201 M * Bertl ah, yeah, yes
1190026250 Q * shani Read error: Connection reset by peer
1190026278 M * bzed thanks for your help guys !
1190026311 M * Bertl np
1190026377 N * pmenier pmenier_off
1190026681 J * shani ~admin@202.133.77.38
1190026836 Q * shani Read error: Connection reset by peer
1190027186 Q * balbir Ping timeout: 480 seconds
1190027343 J * friendly12345 ~friendly@ppp121-44-239-215.lns2.mel4.internode.on.net
1190027457 M * kapil Bertl: please have a look at http://linux-vserver.org/RestrictingVserverNetworkingTips when you have time. I have tried to explain some points that I picked up here (mostly from you but errors are mine of course :)).
1190027515 M * Bertl probably you mean 2.0.2 not 2.2 
1190027552 M * Bertl 2. this is true for stable, 2.3.x (devel) has a specific lback address (and mapping)
1190027609 M * Bertl for the network less part, 2.2 should suffice (compared to 2.0, but please check)
1190027626 M * daniel_hozac IIRC 2.2 still has that problem.
1190027647 M * Bertl didn't we add the none check to 2.2.0.3 ?
1190027672 J * baggins ~baggins@kenny.mimuw.edu.pl
1190027679 M * daniel_hozac if we did, i missed it when writing the changelog :)
1190027683 M * Bertl if not then I'll put it on my todo ...
1190027691 M * Bertl wb baggins!
1190027698 M * baggins hi :)
1190027703 M * Bertl kapil: but regardless, debian uses 2.0.2, no?
1190027709 M * baggins bad news with me
1190027734 M * daniel_hozac yeah.
1190027738 M * baggins I found a nasty bug in 2.3 patch networking
1190027741 M * Bertl baggins: i.e. you are not going to make a huge donation to the project?
1190027749 M * Bertl baggins: just kidding :)
1190027756 M * daniel_hozac what bug is that?
1190027771 M * baggins vserver guest totally ignores routing table
1190027783 M * daniel_hozac hmm?
1190027785 M * Bertl how so?
1190027812 M * baggins I have 2 interfaces, A is for external net and default route, B for internal net
1190027828 M * Bertl okay
1190027846 M * baggins and then all packets have the source IP of the interface that is set up first in guest
1190027861 M * kapil Bertl: /proc/virtual/info gives VCIVersion:0002:0002. Is that 2.0.2?
1190027867 M * daniel_hozac kapil: yes.
1190027889 M * daniel_hozac baggins: how do you think that is unexpected?
1190027903 M * kapil ok. then that is what Debian "etch" has.
1190027908 M * Bertl daniel_hozac: I'm waiting for the twist too :)
1190027929 M * daniel_hozac Bertl: the network-less guest problem seems to be present in 2.3 too
1190027957 M * Bertl really? I thought I verified that recently .. have to double check that again
1190027958 M * daniel_hozac i.e. ncontext --nid 42 --create -- nattribute --set --nid self --flag persistent -- nc google.com 80 connects just fine.
1190027962 M * baggins daniel_hozac: routing table tells that traffic to 10/8 net should go to B and everything else through A
1190027977 M * Bertl daniel_hozac: what does it show in /proc/virtnet?
1190027997 M * daniel_hozac as expected, no addresses other than lback and bcast.
1190027997 M * Bertl baggins: does the guest have an address in 10/8 ?
1190028007 M * baggins of course
1190028019 M * Bertl daniel_hozac: ah, but lback is set? if so, it has an address :)
1190028052 M * daniel_hozac Bertl: right, but... there's no NAT.
1190028061 M * baggins BTW that guest works perfectly with 2.2 patch
1190028064 M * daniel_hozac so, how could it work? :)
1190028087 M * Bertl good point
1190028095 M * Bertl will investigate this
1190028154 M * Bertl baggins: do you have some time to do some tests?
1190028198 M * daniel_hozac i guess ip r, ip a and cat /proc/virtnet/<nid>/info are things we'll need, at least.
1190028203 M * baggins Bertl: time I may find, but I may heave problem setting a test environment
1190028223 M * Bertl baggins: nah, I'm more interested in re-creating your setup here
1190028256 M * baggins ok, give me a moment
1190028299 M * Bertl no need to hurry
1190028491 M * baggins http://paste.linux-vserver.org/6603
1190028629 M * Bertl what 2.3 kernel is that?
1190028634 M * baggins external addresses are a bit mangled for paranoia reasons
1190028643 M * Bertl I mean, vs2.3.x.y?
1190028655 M * baggins Bertl: vs2.3.0.20
1190028673 M * baggins BUT, I had to boot vs2.2 now
1190028674 M * Bertl why doesn't it show lback in /proc/virtnet/101/info?
1190028708 M * baggins it's vs2.2, that's a production machine, I coudn't let it not work
1190028730 M * Bertl aha, okay, why do you have 127.0.0.1 assigned to the guest?
1190028760 M * baggins something didn't work without it, I can't remember what now
1190028788 M * Bertl did you remove that for 2.3.0.20 ?
1190028805 M * baggins I tried with and without it, same effect
1190028831 M * Bertl and what IP did you try to reach from the guest?
1190028906 M * baggins random, my routers for example 10.1.1.31 and 199.0.6.31
1190028927 M * baggins be back in a few minutes
1190028933 M * Bertl okay, and 10.1.1.31 didn't reach the router?
1190028972 M * daniel_hozac 10.0.0.0/8 via 10.1.1.31 dev eth1
1190028984 M * daniel_hozac you realize 10.1.1.31 is in 10.0.0.0/8, right?
1190029009 M * Bertl hehe, right, didn't see the /8 here :)
1190029418 Q * Piet Quit: Piet
1190029434 M * Bertl daniel_hozac: how 'ready' is 0.30.214 for user and pid namespaces?
1190029487 M * daniel_hozac it uses vc_get_space_mask, so as long as that's updated, it should just magically work.
1190029509 M * Bertl excellent, do we have tools to enter those spaces too?
1190029518 M * Bertl I mean, specific spaces
1190029529 M * daniel_hozac no, vspace doesn't exist yet. 0.30.215 should have it...
1190029542 M * Bertl ah, great, so work in progress ...
1190030232 J * roym ~user@adsl-065-006-164-142.sip.mia.bellsouth.net
1190030360 J * Julius ~julius@p57B25319.dip.t-dialin.net
1190030374 Q * kapil Quit: power gone.
1190030568 M * Bertl yep, I can confirm, source ip selection seems broken in 2.3.0.20 (i.e. the first one is used, even if a proper ip is available) checking details now
1190030600 Q * sharkjaw Remote host closed the connection
1190030640 M * Bertl daniel_hozac: btw, do we have any missing ipv4/6 fixes pending for 2.3.0.x?
1190030676 M * daniel_hozac not that i know of, except for the missing isolation bits in /proc/net.
1190030683 M * Bertl okay
1190030834 Q * Aiken Quit: Leaving
1190030845 M * Bertl first thing: single ip is not set ...
1190030858 Q * Julius Ping timeout: 480 seconds
1190030863 M * daniel_hozac hmm?
1190030883 M * Bertl which is a good sign, otherwise the result would not be unexpected
1190031105 J * sharkjaw ~gab@158.36.44.106
1190031534 J * Julius ~julius@p57B25319.dip.t-dialin.net
1190032968 P * friendly12345 
1190033045 M * Bertl daniel_hozac: hmm, it looks like __ip_route_output_key() actually suggests the first ip .. strange
1190033118 M * Bertl ah, didn't we have some netmask matching for that to find the best one?
1190033127 M * daniel_hozac i think so.
1190033141 M * Bertl I probably removed that in the cleanup process (unintentionally)
1190033745 M * Bertl yeah, I guess the 2.2 code is quite tricky in the way it works
1190033746 Q * ktwilight Read error: Connection reset by peer
1190034586 J * igraltista ~jens@p4FD25C3C.dip.t-dialin.net
1190034598 M * Bertl wb igraltista!
1190034655 M * igraltista hi
1190034774 M * Supaplex moin!
1190034961 M * Bertl daniel_hozac: got a few minutes for me?
1190034967 M * daniel_hozac sure
1190034981 J * igraltista_ ~jens@p4FD26879.dip.t-dialin.net
1190034991 M * Bertl I think we should change two things, but I'm not completely sure about the semantics we actually want
1190035018 M * Bertl first, we should make the route hash nid aware (regarding the flow) to avoid false positives
1190035044 M * Bertl the idea here is to simply add the nid to the struct flowi
1190035066 M * Bertl (and subsequently use it for checks and hashing)
1190035094 M * daniel_hozac hmm, what would the point be?
1190035121 M * Bertl let me give a reference setup to discuss that
1190035205 M * Bertl http://paste.linux-vserver.org/6605
1190035240 M * Bertl the tun0/1 is on the QEMU host
1190035268 Q * igraltista Ping timeout: 480 seconds
1190035270 M * daniel_hozac connected to eth0/1?
1190035277 M * Bertl yep, now, inside the guest, when we do the telnet, we
1190035291 M * Bertl do soemthing like this:
1190035316 M * Bertl http://paste.linux-vserver.org/6606
1190035359 M * Bertl the 10.0.1.2 source is the expected result for the host
1190035372 M * Bertl (for a route from 0.0.0.0 -> 10.0.1.1)
1190035406 M * Bertl now, inside the guest, the expected source would be 10.0.1.3 (or .4)
1190035414 M * daniel_hozac right...
1190035431 M * Bertl the ip selection on the host is based on the primary/secondary selection
1190035465 M * Bertl we can (we'll talk about that shortly) consider the first ip in the correct 'network' primary
1190035483 M * daniel_hozac yeah, that makes sense.
1190035490 M * Bertl but, the problem here is, the route hash will still return 10.0.1.2
1190035511 M * Bertl thus, inside such a guest, we will always take the slow part
1190035514 M * Bertl *path
1190035525 M * Bertl regardless how often the routing cache is consulted
1190035545 M * daniel_hozac ah, so we're talking about optimizing it, okay.
1190035553 M * Bertl yes, precisely
1190035573 Q * Julius Ping timeout: 480 seconds
1190035626 M * Bertl now to making it work correctly (which is more important, but I wanted you to be aware of this planned optimization)
1190035726 M * Bertl the important part here is, that getting the routing cache right requires us to be able to get the right result into the cache
1190035791 M * Bertl which brings me to the question if we shouldn't move the source ip selection itself into ip_route_output_*
1190035812 M * daniel_hozac hehe, i was just typing that.
1190035835 M * daniel_hozac it makes the most sense to me.
1190035839 M * Bertl okay, so we agree there ... fine
1190035846 M * Supaplex me to (well, not really, but it sounds fun)
1190035856 M * Bertl I see two problems though ...
1190035874 M * Bertl first, EXPORT_SYMBOL_GPL(__ip_route_output_key)
1190035909 M * Bertl and second, the primary vs. secondaries issue
1190035922 M * daniel_hozac what's the problem with the first?
1190035943 M * Bertl well, I suspect a number of things to break if we add an argument there
1190035945 J * Julius ~julius@p57B25319.dip.t-dialin.net
1190035966 M * Bertl i.e. if we change how flowi is defined (with out of kernel modules)
1190036002 M * daniel_hozac i don't think there are too many external modules using the route cache TBH.
1190036005 M * Bertl not a primary issue, I know, but I have no idea how many modules are affected
1190036025 M * daniel_hozac DRBD and similar are the only ones that come to mind.
1190036054 M * daniel_hozac as for primaries vs. secondaries, i think "the first in the list" makes the most sense.
1190036078 M * Bertl okay, it might be a good idea to explicitely add the network context as argument to __ip_route_output_*, this way we will at least see where it breaks :)
1190036096 M * daniel_hozac yeah, i was just thinking that...
1190036110 M * daniel_hozac compile time failures are so much better than weird runtime behaviour.
1190036152 M * Bertl yep, indeed
1190036382 M * Bertl okay, I'll see what I can come up with ...
1190036593 M * Bertl hum hum .. a quick check gives that we have to change at least 57 calls if we want to make the network context an explicit argument
1190036604 M * daniel_hozac ouch!
1190036635 M * daniel_hozac i suppose using current->nid is unsafe?
1190036660 M * Bertl yes, especially as we actually need the nxi in some places
1190036748 M * daniel_hozac OTOH, are we making sure those places are using the correct source address some other way?
1190036750 M * Bertl OTOH, I'm not very happy with passign nxi pointers around in flow entries
1190036792 M * daniel_hozac well, we could use the nid in the lookups, but i guess we do need the nxi to perform the checks.
1190036818 M * Bertl yep
1190036949 M * Bertl okay, let's forget about the optimization for now, I guess that needs more thought
1190037043 M * Bertl I guess I need a break ... will take a nap ... will be back later ...
1190037054 M * daniel_hozac enjoy!
1190037055 M * Bertl thanks for your time!
1190037063 N * Bertl Bertl_zZ
1190038155 N * pmenier_off pmenier
1190038182 J * yarihm ~yarihm@84-75-130-73.dclient.hispeed.ch
1190038316 Q * sharkjaw Quit: Leaving
1190039177 Q * FireEgl Ping timeout: 480 seconds
1190039731 J * ktwilight ~ktwilight@185.84-66-87.adsl-dyn.isp.belgacom.be
1190040582 Q * the-dude Remote host closed the connection
1190040728 Q * igraltista_ Ping timeout: 480 seconds
1190041000 J * the-dude ~martijn@senturparks.xs4all.nl
1190041106 Q * yarihm Quit: Leaving
1190041225 Q * jmcaricand Remote host closed the connection
1190041614 J * cl4sh ~cl4sh@qik.ds.pg.gda.pl
1190041652 M * cl4sh hi all
1190041671 M * daniel_hozac hello
1190041716 M * cl4sh ive got problem with vupdateworld my_guest
1190041747 M * cl4sh translation of adress is failed
1190041787 M * daniel_hozac and, does the guest have internet access?
1190041856 M * cl4sh no
1190041871 M * cl4sh but i try to do update from host
1190041902 M * daniel_hozac it's just a wrapper, it runs the commands in the guest.
1190041967 M * cl4sh uhm, ok i un derstand, i must configure net in guest yes ?
1190041981 M * daniel_hozac yes.
1190042596 Q * dna Read error: Connection reset by peer
1190042616 J * dna ~dna@8-195-dsl.kielnet.net
1190042638 J * baldy baldy@brain.servercrew.de
1190042646 Q * baldy 
1190042668 J * baldy baldy@brain.servercrew.de
1190043125 J * oauto ~micah@micah.riseup.net
1190043889 N * ensc Guest488
1190043899 J * ensc ~irc-ensc@p54B4D462.dip.t-dialin.net
1190044008 Q * Guest488 Ping timeout: 480 seconds
1190044148 J * DavidS ~david@vpn.uni-ak.ac.at
1190044160 M * DavidS Hi!
1190044415 M * DavidS http://paste.debian.net/37369 << what am i doing wrong?
1190044422 J * Piet ~piet@tor.noreply.org
1190044476 M * Borg- it says what is wrong..
1190044484 M * DavidS of course, trying manually to pushd /etc/vservers/webmail/vdir works
1190044486 M * Borg- vdir link doesnt point to guest root dir
1190044508 M * DavidS readlink -f also shows /var/lib/vservers/webmail
1190044525 N * bragon_ bragon
1190044571 N * oauto micah
1190044627 M * Borg- ls -ld /etc/vservers/webmail/vdir
1190044633 Q * bragon Killed (NickServ (Too many failed password attempts.))
1190044649 M * DavidS lrwxrwxrwx 1 root root 40 2007-03-23 14:06 /etc/vservers/webmail/vdir -> /etc/vservers/.defaults/vdirbase/webmail
1190044662 M * Borg- huh?
1190044671 M * Borg- ls -ld /etc/vservers/.defaults/vdirbase
1190044698 M * DavidS jerry:/etc/vservers# readlink -f /etc/vservers/.defaults/vdirbase/webmail
1190044698 M * DavidS /var/lib/vservers/webmail
1190044706 M * Borg- no no
1190044713 M * Borg- paste me vdirbase
1190044727 M * Borg- sth is wrong
1190044728 M * DavidS ls -ld  /etc/vservers/.defaults/vdirbase
1190044728 M * DavidS lrwxrwxrwx 1 root root 17 2007-09-17 17:46 /etc/vservers/.defaults/vdirbase -> /var/lib/vservers
1190044812 M * Borg- theoreticaly.. its looks ok
1190044893 J * bragon ~bragon@2001:7a8:aa58::1
1190044896 M * Borg- try hack w/ just one symlink (ie: /etc/vservers/webmail/vdir -> /var/lib/vservers/webmail
1190044898 M * DavidS ah, i found the problem:
1190044900 M * DavidS jerry:/etc/vservers# ls -ld /etc/vservers/webmail
1190044900 M * DavidS lrwxrwxrwx 1 root root 14 2007-09-17 18:01 /etc/vservers/webmail -> _jerry/webmail
1190044911 M * DavidS if i cp-av instead of ln-s; it works
1190044914 M * Borg- huh?
1190044951 M * daniel_hozac _jerry is a separate mount point, no?
1190044952 M * DavidS  /etc/vservers/_jerry lies on a SAN
1190044955 M * DavidS yes
1190044969 M * Borg- why you keep configs on SAN?
1190044973 M * DavidS failover
1190044990 M * daniel_hozac so it got cleaned up during namespace cleanup.
1190045053 M * Borg- DavidS: so you have 2 identical hosts (one active, second standby) and if one dies you start all vservers on other host?
1190045074 M * DavidS Borg-: that's the target, yes
1190045079 M * DavidS goal*
1190045161 M * DavidS would it work if I put the config directory on the same volume as the vserver root? like /mounts/volume/config and /mounts/volume/barrier/vserver_system ?
1190045310 M * daniel_hozac it would work if you didn't use symlinks.
1190045322 J * bonbons ~bonbons@2001:960:7ab:0:20b:5dff:fec7:6b33
1190045333 M * DavidS bind mounts?
1190045348 M * daniel_hozac for instance. or just mounted it on /etc/vservers.
1190045379 M * DavidS drat, I have two servers who each have their own volume
1190045419 M * DavidS therefore I don't have it on /etc/vservers but on .../_$(hostname)
1190045579 M * DavidS I should really look into GFS :)
1190045634 J * jmcaricand ~jmcarican@d83-179-243-59.cust.tele2.fr
1190046130 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/
1190046543 M * DavidS that one gave me a good laugh: http://paste.debian.net/37371
1190046557 M * DavidS then I realized that i am not able to stop the vserver :(
1190046576 M * daniel_hozac interesting...
1190046622 M * DavidS i could start it by bind-mounting /etc/vservers/_jerry/webmail to /etc/vservers/webmail , webmail/run points to a file with the context number in it ...
1190046678 M * DavidS hmm ... vserver-stat shows it, enter doesn'T work
1190046697 M * daniel_hozac so where do you have symlinks?
1190046707 M * daniel_hozac is /var one? /var/run? /var/run/vservers?
1190046758 M * DavidS only the "usual" ones, /var is a complete partition, /etc/vservers/webmail is a bind mount of /etc/vservers/_jerry/webmail
1190046810 M * daniel_hozac well, for some reason, you lost the filesystem containing the run-file in your guest's namespace.
1190046846 M * cl4sh i cant configure network on my guest, maybe sombody knows howto or other doc about configure netowrk (ive got dhcp on host)
1190046881 M * DavidS hohum ... can i enter the namespace and "re-mount" that?
1190046913 M * DavidS cl4sh: the network on the guest is entirely configuret via the interfaces/ directory in /etc/vservers/vserver/
1190047021 M * cl4sh DavidS : yes i know but when i was create guest i was set interface like it was make in http://linux-vserver.org/Installation_on_Gentoo#Start_guests_on_boot
1190047067 M * cl4sh DavidS : sory for my english
1190047092 J * jmcaricand ~jmcarican@d83-179-243-59.cust.tele2.fr
1190047157 M * DavidS that link has nothing to do with networking
1190047178 M * DavidS cl4sh: your english is still better than my polish ;)
1190047186 M * cl4sh DavidS : bu i was crteate guest with hostname and interface
1190047197 Q * pmenier Quit: pmenier
1190047201 M * cl4sh DavidS : maybe
1190047245 M * cl4sh DavidS : i was emerge dhcpcd and try dhcpcd eth0 but i get error
1190047260 M * cl4sh DavidS : Error, eth0: ioctl SIOCSIFFLAGS: Permission denied
1190047290 M * DavidS cl4sh: dhcp needs more rights than a vserver guest usually has
1190047376 M * cl4sh DavidS : how i should do that?
1190047393 M * cl4sh DavidS : or where i can find answer
1190047443 M * DavidS cl4sh: do you really need dhcp? it would be easier (and safer) to configure static IPs
1190047500 M * cl4sh DavidS : i dont know if ots possible on host ive got dhcp 
1190047527 M * cl4sh DavidS : i only want to run network in guest :P
1190047571 M * cl4sh DavidS : but as you seen im little bit noob and dont know how to do that
1190047613 J * igraltista ~jens@p4FD27E7C.dip.t-dialin.net
1190047634 M * DavidS daniel_hozac: i had a hackedumount around which did bad things to namespaces ... that seems to have killed the runfile
1190047747 J * coderanger_ ~coderange@c-65-96-210-168.hsd1.ma.comcast.net
1190047972 Q * dsoul Remote host closed the connection
1190048328 J * dsoul darksoul@vice.ii.uj.edu.pl
1190048542 M * ktwilight is traffic shaping host-specific? or is it possible to do guest-specific?
1190048555 M * ktwilight i.e. Guest A has bandwidth limits, but Guest B doesn't.
1190048841 J * hparker ~hparker@linux.homershut.net
1190048864 Q * Piet Remote host closed the connection
1190048920 J * Piet ~piet@tor.noreply.org
1190049798 Q * Julius Remote host closed the connection
1190049837 J * Julius ~julius@p57B25319.dip.t-dialin.net
1190050067 Q * coderanger_ Quit: coderanger_
1190050879 J * hardwire ~bip@rdbck-5622.palmer.mtaonline.net
1190051027 M * daniel_hozac ktwilight: just make it IP-based.
1190051439 Q * cl4sh Quit: My damn controlling terminal disappeared!
1190052039 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa
1190052066 N * Bertl_zZ Bertl_oO
1190052336 Q * dsoul Read error: Connection reset by peer
1190052652 N * _Hunger Hunger
1190053003 J * dsoul darksoul@vice.ii.uj.edu.pl
1190053911 J * coderanger_ ~coderange@wireless-59.media.mit.edu
1190055065 Q * mattzerah resistance.oftc.net synthon.oftc.net
1190055065 Q * puck resistance.oftc.net synthon.oftc.net
1190055082 J * mattzerah ~matt@121.50.222.55
1190055082 J * puck ~puck@leibniz.catalyst.net.nz
1190055212 J * Piet_ ~piet@tor.noreply.org
1190055285 Q * Piet Remote host closed the connection
1190055668 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/
1190055783 Q * DavidS Quit: Leaving.
1190055783 Q * ktwilight Read error: Connection reset by peer
1190057532 J * ema ~ema@fw.galliera.it
1190057704 J * ktwilight ~ktwilight@185.84-66-87.adsl-dyn.isp.belgacom.be
1190058782 J * Piet__ ~piet@tor.noreply.org
1190058826 N * Piet__ Piet
1190058962 Q * Piet_ Ping timeout: 480 seconds
1190059255 Q * coderanger_ Remote host closed the connection
1190059287 J * coderanger_ ~coderange@1cc-dhcp-119.media.mit.edu
1190059581 J * yarihm ~yarihm@84-75-130-73.dclient.hispeed.ch
1190060806 M * yarihm Hi everyone ... 
1190060818 M * daniel_hozac hello
1190060849 M * yarihm has anyone a usable routing for finding out the vserver-name in startup or stop scripts? it seems the environment is empty, all i have is the pwd
1190060893 M * yarihm the problem with the pwd is that the scripts cannot be called if they are not called by util-vserver or from the right directory
1190060920 M * daniel_hozac $2 is the guest's name.
1190060930 M * yarihm oh ... 
1190060934 M * yarihm thanks a lot :)
1190061100 Q * meandtheshell Quit: Leaving.
1190061374 Q * daniel_hozac Quit: reboot
1190061496 Q * dna Quit: Verlassend
1190061821 Q * bonbons Quit: Leaving
1190061976 J * ktwilight_ ~ktwilight@185.84-66-87.adsl-dyn.isp.belgacom.be
1190062028 Q * Julius Remote host closed the connection
1190062093 Q * ktwilight Ping timeout: 480 seconds
1190062657 M * micah if I do an rsync -avzH of a vserver to another host and then realize half-way through that I forgot --numeric-ids... if I stop it and then start it with --numeric-ids, will it fix things?
1190062661 M * micah or do I need to redo it all?
1190063000 M * micah where things = uid/gid :)
1190063412 M * mstrobert I'm trying to share a file in a mount--bind among vservers, but I only want the host machine to be able to modify it, not the guests. What combination of setattr and/or chxid do I need?
1190063426 J * Aiken ~james@ppp121-45-250-174.lns2.bne4.internode.on.net
1190063583 J * cunha ~adray@65-202-207-85.jizmorava.adsl-llu.static.bluetone.cz
1190063589 P * cunha 
1190063720 J * daniel_hozac ~daniel@c-051472d5.08-230-73746f22.cust.bredbandsbolaget.se
1190063856 M * daniel_hozac mstrobert: mount -o bind,ro
1190063861 M * daniel_hozac micah: yes.
1190063997 M * micah daniel_hozac: i just finished my test which confirms what you say :)
1190065154 Q * yarihm Quit: Leaving
1190066647 Q * ema Quit: leaving
1190067133 Q * hparker Quit: Quit
1190068118 Q * igraltista Read error: Connection reset by peer
1190068426 J * hparker ~hparker@linux.homershut.net
1190069859 M * mstrobert daniel_hozac: okay, that works when tagxid is off, but I'm having trouble when tagxid is turned on (in my /var/lib/vservers mount). If mount's target is xid 0, it works. But if mount's target is a certain xid, it will fail to work when I start the vserver guest. After further investigation, I see that the vserver guest is incrementing its xid each time it starts? I thought each vserver guest had an xid that wouldn't change.
1190069910 M * mstrobert daniel_hozac: er, my references to mount are ambiguous. 
1190069945 M * mstrobert daniel_hozac: after the first sentence, all references to 'mount' refer to the mount--bind.
1190070129 J * meandtheshell ~markus@85.127.108.167
1190070141 Q * meandtheshell 
1190070687 Q * ktwilight_ Remote host closed the connection
1190070719 J * ktwilight_ ~ktwilight@185.84-66-87.adsl-dyn.isp.belgacom.be
1190073407 J * ktwilight ~ktwilight@185.84-66-87.adsl-dyn.isp.belgacom.be
1190073407 Q * ktwilight_ Read error: Connection reset by peer